Answered: [Security threat] tags are not sanitized in extra question field

Post date: 2020-07-01 00:44:51
Views: 200

Hey q2apro, I think you are testing the default q_view_extra($q_view) function.

The default function is still safe. But if you pull the content from the database, it's not safe.

First, look! The script is stored in the database.

[screenshot: database]

Second, if you create a function to pull that content from the database:

public function q_item_extra($q_item)
{
    // Read the extra-field value straight from the postmetas table (unescaped)
    $postidz = $q_item['raw']['postid'];
    $extra = qa_db_read_one_value(qa_db_query_sub(
        'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
        $postidz
    ), true);

    //$extra = $q_item['extra']['content'];

    // Output without qa_html(): the stored script is sent to the browser as-is
    $this->output('My info:' . $extra);
}

Here's the result:

[screenshot: result]

I hope you'll get my point.
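The fix for the pattern in the answer above is to escape the value at the point of output, which the default q_view_extra() already does. The following is an added example, not code from the answer or from Question2Answer itself: it places the unsafe concatenation beside an escaped version. Q2A's own helper for this is qa_html() (a wrapper around htmlspecialchars()); the example falls back to htmlspecialchars() directly so it runs outside Q2A. The sample stored value is constructed.

```php
<?php
// Added example (not from the original post). Demonstrates escaping the
// "extra" field before output, beside the unsafe output shown in the answer.

// Constructed sample: the kind of value an asker could have stored in the
// extra question field. In Q2A this would come from the postmetas table.
$extraFromDb = '<script>alert(1)</script>';

// Escape a string for an HTML context. Inside Q2A, qa_html() does this;
// outside Q2A, use htmlspecialchars() with the same intent.
function escape_extra(string $value): string
{
    if (function_exists('qa_html')) {
        return qa_html($value);
    }
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe: the raw database value is concatenated into page markup,
// which is what the q_item_extra() in the answer above does.
function render_unsafe(string $extra): string
{
    return 'My info:' . $extra;
}

// Safe: the same value, escaped for HTML output.
function render_safe(string $extra): string
{
    return 'My info:' . escape_extra($extra);
}

echo render_unsafe($extraFromDb), PHP_EOL; // browser would execute the script
echo render_safe($extraFromDb), PHP_EOL;   // browser shows the literal text

// Sanity check: no raw tag survives in the escaped output.
assert(strpos(render_safe($extraFromDb), '<script') === false);

// Inside a Q2A theme or layer the hardened method from the answer would read:
//
// public function q_item_extra($q_item)
// {
//     $extra = qa_db_read_one_value(qa_db_query_sub(
//         'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
//         $q_item['raw']['postid']
//     ), true);
//     $this->output('My info:' . qa_html($extra));
// }
```

The rule this illustrates: values read from the database are stored as typed by the user, so any theme or plugin that bypasses the pre-escaped $q_view['extra'] / $q_item['extra'] arrays must apply qa_html() itself before calling output().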
